Tuesday, October 20, 2009

More and more experts are beginning to think that the best safe way to shop online or do online banking is to replace Windows with Linux.

People, who like Linux, like yours truly :), often harp on the fact that Linux is more secure than Windows. And, so it is, but most people still stick with Windows since that's what they know and like so many bad habits it's hard to break.

That's especially true when the benefit, improved security, isn't seen as giving an immediate benefit. In the last few weeks, though, experts who aren't Linux fans, have been noticing that these days there are so many dangers with shopping or banking online while using Windows that they're now recommending people use Linux instead.

The most prominent example of this is The Washington Post's security columnist, Brian Krebs. Krebs recently recommended that after interviewing "dozens of victim companies that lost anywhere from $10,000 to $500,000 dollars because of a single malware infection," he's now recommending that, "commercial online banking customers consider accessing their accounts solely from non-Windows systems."

As Krebs points out, he's not the only one. The Financial Services Information Sharing and Analysis Center, an online financial-sector security forum recommends business users, ""carry out all online banking activity from a standalone, hardened, and locked-down computer from which e-mail and Web browsing is not possible."

Why businesses in particular? Because, as Krebs explains in another story, Businesses and consumers do not enjoy the same legal protections when banking online as consumers.

Consumers typically have up to 60 days from the receipt of a monthly statement to dispute any unauthorized charges. … Commercial banking customers have roughly two business days to spot and dispute unauthorized activity if they want to hold out any hope of recovery."

In short, businesses not only have more to lose, they have less time to detect thief.

At a public hearing on cyber-crime Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit is reported to have said, "If you are using the internet for a commercial transaction, use a Linux boot up disk - such as Ubuntu) or some of the other flavours. Puppy Linux is a nice small distribution that boots up fairly quickly.

It gives you an operating system which is perfectly clean and operates only in the memory of the computer and is a perfectly safe way of doing internet banking."

By now some of you are saying that I don't make those kinds of mistakes with Windows. I keep my Windows system as clean as the first snow. And, maybe you can, but as security writer, Michael Horowitz, said, "In my opinion, while it is possible to secure a Windows computer, the process is too hard, too time-consuming and/or technically over the head of most people."

Therefore, unless you're an expert who puts the time in to keep your PC safe, he recommends that you should "consider instead, Macs and Linux, my preference being Linux" for your online finances.

Get the point? It's not safe else there on the big nasty Internet for your Windows PC. Windows 7 is filled with improvements, but security isn't among them.

As several of these people point out, it's not like you have to give up Windows.

You can use live Linux CDs for when you need to go shopping on Amazon or the like, and then return to your comfortable, but not especially safe, Windows.